By Dancho Danchev
Cybercriminals are currently spamvertising a malicious email campaign that’s designed to trick you into clicking on a bogus complaint.pdf link which ultimately leads to client-side exploits and malware.
The campaign is launched by the same gang that launched the “Spamvertised ‘Termination of your CPA license’ ” malicious campaign last month.
Spamvertised subjects: Your accountant license can be revoked; Rejection of your tax appeal; Fraudulent tax return assistance accusations; Tax return fraud notification; Internal Revenue service notification; Income tax return fraud accusations
Spamvertised message: We have received a complaint about your possible participation in income tax refund infringement on behalf of one of your clients. According to AICPA Bylaw Paragraph 765 your Certified Public Accountant status can be revoked in case of the aiding of submitting of a misguided of fraudulent tax return on the member’s or a client’s behalf.
Please familiarize yourself with the complaint below and provide your feedback to it within 14 days. The failure to provide the clarifications within this term will result in withdrawal of your CPA license.
Spamvertised URL: hxxp://www.inductiveminds.com/wp-includes/aic.html
Upon clicking on the link, end and corporate users are exposed to a mix of client-side exploits that ultimately drop malicious software on the targeted hosts. In this case, the campaign attempts to exploit Libtiff integer overflow in Adobe Reader and Acrobat (CVE-2010-0188), and Help Center URL Validation Vulnerability (CVE-2010-1885), ultimately dropping malware with MD5:0e8ca3f42bc4cc8df8acccb8a4d4af67.
Avoid interacting with these emails. Report them as malicious as soon as possible, and also ensure you’re using the latest version of your third-party software and browser plugins when you browse the Web.